Full Version: Can't Get Malwarebytes to run, HijackThis Frozen
Azhri
I can't get the malware off of my computer; I believe it's called Advanced Antivirus Remover. I have gone through as many steps/solutions as I could find on this site, but no matter what I do (including renaming mbam, uninstalling/reinstalling mbam), nothing seems to work. The second I hit the scan button mbam is killed, and now I tried HijackThis and it is currently frozen, which means I will have to reboot yet again. I don't know what else to do, please help.
Azhri
Well, I haven't gotten any replies yet so far, but I did some more looking at other people's problems from yesterday, and found someone suggesting ComboFix. So far so good, but just in case here is the log.
ComboFix 09-09-10.03 - Dan 09/12/2009 8:56.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1736 [GMT -7:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Dan\LOCALS~1\Temp\csrss.exe
c:\docume~1\Dan\LOCALS~1\Temp\lsass.exe
c:\docume~1\Dan\LOCALS~1\Temp\services.exe
c:\docume~1\Dan\LOCALS~1\Temp\svchost.exe
c:\docume~1\Dan\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\Dan\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Dan\Application Data\twain_32
c:\documents and settings\Dan\Application Data\twain_32\user.ds
c:\documents and settings\Dan\Start Menu\Advanced Virus Remover.lnk
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\windows\Installer\21b15.msi
c:\windows\system32\1858338.dll
c:\windows\system32\41.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\windows\system32\desote.exe
c:\windows\system32\Drivers\hzzahans.sys
c:\windows\system32\drivers\kbiwkmmuqqjxic.sys
c:\windows\system32\drivers\UACd.sys
c:\windows\system32\drivers\WZSZXtpafydjxmlnsmlatvgoejkcttjnvnppj.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kbiwkmaynjaiif.dat
c:\windows\system32\kbiwkmlocfqwkb.dll
c:\windows\system32\kbiwkmrtyrdyvn.dll
c:\windows\system32\kbiwkmumeeutmw.dat
c:\windows\system32\kbiwkmuxdppmpr.dll
c:\windows\system32\kbiwkmxnmfthos.dll
c:\windows\system32\logon.exe
c:\windows\system32\sonhelp.htm
c:\windows\system32\taJF83ikdmf.dll
c:\windows\system32\topnxfke.ini
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\twext.exe
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\WZSZXdfxylvnecymnaldqlvmcxpdhjscvorcf.dll
c:\windows\system32\WZSZXdrqfljyjgviikhmycqritmdteelkrxdy.dll
c:\windows\system32\WZSZXltqwrqhbbgiytalkmoyqjwcdrvibrfvk.dat
c:\windows\system32\WZSZXoteioyvelyaebrnlncggwoybkbfgxgvr.dll
c:\windows\system32\WZSZXrxohxphdvjgpuogsdcxrwgvnbaklbqmp.dll
c:\windows\system32\WZSZXxftfmqeabpkpuvnsrubfapxwhxducbnr.log
c:\windows\Temp\1427699498.exe
c:\windows\Temp\3553636998.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmthjdgosw
-------\Legacy_kbiwkmthjdgosw
-------\Service_WZSZXserv.sys
-------\Legacy_WZSZXserv.sys
-------\Legacy_MSUPDATE
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-07 20:33 . 2009-09-07 20:33 -------- d-----w- C:\Trend Micro
2009-09-07 19:31 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 19:30 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 19:30 . 2009-09-07 20:20 -------- d-----w- C:\Malwarebytes' Anti-Malware
2009-09-07 18:31 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-07 18:31 . 2009-09-07 18:43 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-07 18:31 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-07 18:30 . 2009-09-07 18:31 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-07 18:30 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-07 18:30 . 2009-09-07 18:44 -------- d-----w- C:\Spyware Doctor
2009-09-07 18:30 . 2009-09-07 18:30 -------- d-----w- c:\documents and settings\Dan\Application Data\PC Tools
2009-09-07 18:30 . 2009-09-07 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-06 16:22 . 2009-09-06 16:22 74992 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-06 16:20 . 2009-09-06 16:23 -------- d--h--w- c:\windows\PIF
2009-09-06 16:14 . 2009-09-06 16:14 1 ----a-w- c:\windows\system32\xd.dat
2009-09-06 16:14 . 2009-09-06 16:14 1 ----a-w- c:\windows\system32\q1.dat
2009-09-06 16:14 . 2009-09-06 16:14 1 ----a-w- c:\windows\system32\jc.dat
2009-09-06 16:14 . 2009-09-06 16:14 1 ----a-w- c:\windows\system32\idm.dat
2009-09-06 16:14 . 2009-09-06 16:14 1 ----a-w- c:\windows\system32\c2d.dat
2009-09-02 16:34 . 2009-09-02 16:34 43008 ----a-w- c:\windows\system32\lupgh.dll
2009-08-29 17:27 . 2009-09-11 20:21 -------- d-----w- C:\Mozilla Firefox
2009-08-23 17:32 . 2009-08-23 17:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 10:02 . 2009-08-21 10:02 -------- d-----w- C:\74001b98b66b0597a4c5a2b10d
2009-08-21 09:03 . 2009-08-21 09:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-21 04:56 . 2009-08-21 04:56 -------- d-----w- c:\documents and settings\Dan\Application Data\InfraRecorder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 16:06 . 2008-08-17 07:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-11 21:05 . 2006-02-28 12:00 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-09-07 18:43 . 2009-09-07 18:43 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-29 08:16 . 2008-08-17 07:27 -------- d-----w- c:\program files\Java
2009-08-27 01:49 . 2009-08-27 01:49 10618 ----a-w- c:\program files\uvxsiog.txt
2009-08-26 03:45 . 2008-02-21 22:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 03:34 . 2008-02-21 21:49 -------- d-----w- c:\documents and settings\Dan\Application Data\Ahead
2009-07-29 01:18 . 2009-07-29 01:18 -------- d-----w- c:\documents and settings\Dan\Application Data\RegClean
2009-07-25 12:23 . 2009-01-11 21:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-08-10 06:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-17 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Zune Launcher"="c:\zune\ZuneLauncher.exe" [2008-12-12 157312]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"ISTray"="c:\spyware doctor\pctsTray.exe" [2009-07-23 1181064]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
Neverwinter Nights Registration.lnk - c:\neverwinternights\NWN\ereg\ATR1.EXE [2008-5-13 4947968]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Rohan\\rohanclient.exe"=
"c:\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/7/2009 11:31 AM 206256]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/22/2009 4:33 PM 55152]
R2 sdAuxService;PC Tools Auxiliary Service;c:\spyware doctor\pctsAuxs.exe [9/7/2009 11:30 AM 348752]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2/21/2008 2:43 PM 1310720]
S2 mlgjdlxw;mlgjdlxw;c:\windows\system32\drivers\hmuj.sys --> c:\windows\system32\drivers\hmuj.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.nowcdn.co.kr/bin/DownStarter.cab
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\xdo0lkxr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - plugin: c:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.3.1314.1135\npCIDetect12.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-RegClean - c:\regclean\RegClean.exe
HKCU-Run-AlcoholAutomount - c:\alcohol soft\Alcohol 120\axcmd.exe
HKLM-Run-C6501Sound - c6501.cpl
HKU-Default-Run-minix32 - c:\windows\system32\minix32.exe
ShellExecuteHooks-{549925D9-6F7D-49A7-93CC-D79CB1F42F90} - (no file)
Notify-ssqPgFYr - ssqPgFYr.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 09:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WudfHost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\SoftwareDistribution\Download\Install\windows-kb890830-v2.14-delta.exe
c:\618bb25d568197c7cebd\mrtstub.exe
c:\windows\system32\MRT.exe
.
**************************************************************************
.
Completion time: 2009-09-12 9:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 16:08

Pre-Run: 315,997,437,952 bytes free
Post-Run: 317,969,915,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
277 --- E O F --- 2009-09-02 10:00
Now I just hope this virus stays gone.
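Reading a ComboFix log like the one above by eye is slow and easy to get wrong, so here is an added example that is neither ComboFix's own logic nor anything the poster ran. It applies a handful of triage rules to log lines: core Windows process names sitting outside system32 (the six fakes in %TEMP%), Security Center override and firewall-off registry values, services whose driver file is missing (the "--> ... [?]" form), and families of components sharing one random alphabetic prefix (kbiwkm*, WZSZX*). The rules, severities and the five-character prefix grouping are this script's own heuristics; LOG_EXCERPT is a constructed sample assembled from lines copied out of the log posted above.

```python
"""Triage a ComboFix log for signs of a rogue-AV / rootkit infection.

Added example; not ComboFix code and not part of the forum post. The rules
below are this script's own heuristics. LOG_EXCERPT is a constructed sample
built from lines copied out of the posted log.
"""
import re
from collections import defaultdict

# Core Windows process names. A copy living outside %SystemRoot%\system32 is a
# masquerade, which is exactly what the %TEMP% deletions in the log show.
SYSTEM_PROCESSES = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                    "svchost.exe", "winlogon.exe", "taskmgr.exe", "explorer.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# ComboFix service lines look like "S2 name;display;path --> path [?]" when the
# referenced file no longer exists: an orphaned (often rootkit) service entry.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*-->\s*(\S+)\s+\[\?\]\s*$")

# Registry values (as ComboFix prints them) that weaken the host's own defences.
REG_RULES = {
    '"AntiVirusOverride"=dword:00000001': "Security Center AV alert suppressed",
    '"FirewallOverride"=dword:00000001': "Security Center firewall alert suppressed",
    '"EnableFirewall"= 0 (0x0)': "Windows Firewall disabled",
}

# Constructed sample: lines copied from the log posted above.
LOG_EXCERPT = r"""
c:\docume~1\Dan\LOCALS~1\Temp\csrss.exe
c:\docume~1\Dan\LOCALS~1\Temp\lsass.exe
c:\docume~1\Dan\LOCALS~1\Temp\svchost.exe
c:\docume~1\Dan\LOCALS~1\Temp\winlogon.exe
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\windows\system32\drivers\kbiwkmmuqqjxic.sys
c:\windows\system32\drivers\mbam.sys
c:\windows\system32\kbiwkmlocfqwkb.dll
c:\windows\system32\kbiwkmrtyrdyvn.dll
c:\windows\system32\WZSZXdfxylvnecymnaldqlvmcxpdhjscvorcf.dll
c:\windows\system32\WZSZXdrqfljyjgviikhmycqritmdteelkrxdy.dll
c:\windows\system32\drivers\WZSZXtpafydjxmlnsmlatvgoejkcttjnvnppj.sys
c:\windows\system32\winhelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/7/2009 11:31 AM 206256]
S2 mlgjdlxw;mlgjdlxw;c:\windows\system32\drivers\hmuj.sys --> c:\windows\system32\drivers\hmuj.sys [?]
"""


def masqueraded_system_binary(path):
    """True if `path` ends in a core Windows process name but is not in system32."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    return name in SYSTEM_PROCESSES and not p.startswith(SYSTEM32)


def triage(log_text):
    """Return a list of (severity, description) findings.

    Only bare path lines (the "Other Deletions" style) feed the prefix-family
    rule; timestamped "Files Created" lines are left alone on purpose.
    """
    findings = []
    families = defaultdict(list)  # random-looking 5-char prefix -> file names
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        service = SERVICE_RE.match(line)
        if masqueraded_system_binary(line):
            findings.append(("high", "system process name outside system32: " + line))
        elif line in REG_RULES:
            findings.append(("medium", REG_RULES[line]))
        elif service:
            findings.append(("high", "service %s points at missing file %s"
                             % (service.group(1), service.group(2))))
        elif line.lower().startswith(SYSTEM32):
            name = line.rsplit("\\", 1)[-1]
            stem = name.rsplit(".", 1)[0]
            # Droppers of this era wrote whole families of components under one
            # random alphabetic prefix; a single long name on its own is not flagged.
            if stem.isalpha() and len(stem) >= 12:
                families[stem[:5].lower()].append(name)
    for prefix, names in families.items():
        if len(names) >= 3:
            findings.append(("high", "%d components sharing random prefix '%s': %s"
                             % (len(names), prefix, ", ".join(sorted(names)))))
    return findings


if __name__ == "__main__":
    for severity, description in triage(LOG_EXCERPT):
        print("[%s] %s" % (severity.upper(), description))
```

The script deliberately keys off the exact strings ComboFix prints, so a log from a different tool (HijackThis, MBAM) needs its own line patterns; the point is that each indicator class here maps to one line shape, and a missed class shows up as an unexplained line rather than a silent pass.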
LonnyRJ
Welcome to the forum Azhri

I see Windows has been updating; restart the PC if you haven't already.

In the future, do not run ComboFix unless an analyst suggests it, please.

Run MBAM, update, do a Quick Scan, take action if items are found, and post its log.
Restart the PC if MBAM suggested it.

Run ComboFix, update if it says a new version is available, and post its log again.
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Invision Power Board © 2001-2010 Invision Power Services, Inc.